Managing Your Passwords After You Die
As I sat at my desk this morning, cup of coffee steaming in the sunlight, I began to wonder what would happen to this ‘avalanche’ I call an inbox if I died tomorrow… Grim thought I know, but located here (and here alone) are records of communications with lawyers and consultants, client documents, contracts, invoices, contact lists, mail-out lists and more.
In fact, there’s probably a metric tonne in here that I’ve completely forgotten about, and two weeks from now I’ll be frantically searching my inbox for a forgotten PDF of some kind.
By the same token, what about my phone? I have 110.2 GB of data on my phone, most of which is not available anywhere else. How important are the 51 GB of photos, messages, voicemails, notes, ebooks, conversations, and other app data?
In fact, what about my social media accounts? In this case, I’d probably not want all the cringe-filled content from my teenage years lying around on the internet, entertaining friends and family for all eternity…
So with fear in mind, I turned to Google to find out exactly what happens to my accounts, passwords and data when I pass away.
As it turns out, managing your passwords/accounts after you die is a mess. At the very least, it requires half-a-dozen or more applications and ultimately, your options tend to primarily depend on the provider. Facebook, Twitter and Instagram have systems available, as does Gmail. However, most others do not – including iCloud and all physical devices. Added layers of complexity become apparent if you don’t want others receiving access before you’re gone, and maintaining whatever solution you decide on can be hindered by the maintenance required to update passwords.
First the biggie – email. Our email is where we manage the majority of our life ‘business’. Not to mention, access to your email will often allow other people to reset passwords on other accounts you own.
The availability access to your email after you pass away primarily depends on your email client – i’ll cover the two most popular enterprise options below:
If you use Google’s Gmail product, it includes the option to assign an ‘Inactive Account Manager’. The idea is that should your account be inactive for a certain period of time (the default is 3 months), Google will turn over access to your account to someone else (of course during this time they will try to contact you multiple times).
It is important to note that whoever you select will receive access to data, but will not be able to assume control of the account (i.e. send emails in your name).
To set this feature up, head to this page, decide how long you wish to wait, and enter your details. You will then be able to select an emergency contact.
By contrast, if you or your business are using Microsoft Outlook or other Microsoft products (includes email accounts with addresses that end in Outlook.com, Live.com, Hotmail.com, and MSN.com), your situation is a bit more dire.
By default, any account that is inactive for a period of 2 years is automatically deleted. If someone wants to gain access, and they’re unable to get their hands on your login details before this time, they’ll be required to formally provide Microsoft with a valid, non-criminal subpoena or court order to consider whether they are able to lawfully release a deceased or incapacitated users information, along with proof of death or medical certification of incapacitation.
While Gmail’s system is obviously preferable, it seems a poorly thought out system for something that is going to be a massive headache for all of us at some stage.
With the amount of time we spend online, it is arguable that we now possess an ‘online-self’ that coexists with our real world self – so what happens to this version of us when we pass away?
Well the default is…nothing. Your account just remains online for infinity unless your family decides they wish to take it down either on their own, or in accordance to your wishes.
Now, while they don’t allow you to nominate access to someone after you die, Instagram, Facebook, Youtube and Twitter do have a process in place to allow your loved ones to remove or (in some cases) memorialise your accounts should you pass away.
Instagram & Facebook
Instagram/Facebook (they’re now the same company) clearly state that “we can’t provide login information. It’s always against our policies for someone to log into another person’s account” – however they do provide the options of removing or memorializing accounts of people who are deceased.
When your account is memorialized, it remains online as a sort of tribute to remember you after you’ve passed away.
Memorialized profiles have a few distinguishing features from normal accounts – the word ‘Remembering” is shown next to your name, no-one can log into your account, and your photos remain visible. Most importantly, no changes can be made to the account – including comments on photos, privacy settings, profile picture or who you’re following.
To memorialize an account, your executors will be required to submit a request – providing your birth certificate, death certificate and proof under local law you have the authority to do so.
Alternatively, they can request your account is removed by providing the same information.
Your Youtube account falls under Google’s ‘Inactive Account Manager’ and has much the same properties and process as described above for Gmail accounts. No access to the account is given, but the executor is able to remove the account.
Like the other platforms, if someone has passed away or is incapacitated, you can submit a request for the removal of the users account. You will be required to provide information about yourself and the other person including passports, identification, certificates of birth and death and prove legal authority to handle their affairs.
Devices & Other Accounts
This is where things get extra tricky. Your phone, computer, safe code, house security pin and other accounts like your phone plan, electricity, gas, water and cable present particular problems since they tend not to be as forward moving as modern tech companies.
It’s important to understand that most, if not all devices these days, are built with security at the forefront of their objective. Obviously, this is because most (if not all) of our most important information is stored there – photos, videos, emails, messages, contacts, documents and more!
This represents a particular problem, as often it is this very information that would be most helpful to your loved ones if you passed away – be it photos from a family vacation, or simply the details of your phone plan they might need. Alternatively, you may wish to have your device wiped when you die since as devices age and technology becomes more sophisticated, access may become available in the future. This of course would also require providing access to a trusted person.
Common question – Can you access a deceased person’s phone?
No. It is essentially impossible to gain access to a deceased person’s phone. Most phone companies build their services with security and privacy in mind, which inherently means they themselves don’t have access to the data either. Apple in particular are extremely definite in their terms and conditions regarding their device and iCloud content – making it abundantly clear they will not provide access under any circumstances – even if you’re the FBI.
Can you access a deceased persons computer?
While there are some exceptions for windows, generally speaking, it is impossible to access a user’s account without their password or a lot more information (such as secret question answers etc).
When it comes to other accounts, the sheer number of providers means it is hard to break down any hard and fast rules.
Generally speaking however, most utility companies (gas, electricity, water) frequently encounter such occurrences and tend to have procedures in place to handle them. It is safe to assume your loved ones will require legal documentation to confirm death and right of authority.
Does this process work? Yes. Is it efficient time wise? No.
Other accounts, say subscriptions to Cable TV, Netflix and cell phone providers become more difficult as every service will follow different procedures.
~ A note on two factor authorisation ~
Before cancelling a phone account, make sure you’ve closed all other accounts. Often mobile phone numbers are used for two factor authentication, and by closing this account you will permanently lock yourself out.
Solutions – so what can I do?
In pretty much all of the above situations, it is preferable for your trusted ones to have access to your login details to save them a headache, and enable them to handle your data appropriately.
Unfortunately, the solutions for this sort of issue are limited. It is further complicated by the fact that passwords change over time (so any measures you take will probably require constant updating), the security risk associated with having your passwords stored insecurely, and if you want people to have access before you die.
Option 1 – Just Tell Them
If you have only one or two passwords, just tell the person. This is the simplest option, and will work well if you never change the password and trust the person you are giving them to. As soon as you start changing passwords your trusted person may find it difficult to remember. The downside is from the moment you tell them, they immediately have access to all your files (even before you die).
- Simple and Effective
- Little Chance of Others Gaining Access
- Perpetual Access to your data
- Forgetfulness becomes an issue
- Ineffective for more than one or two passwords
Option 2 – The Paper Record
Another option is to keep a notebook full of your passwords somewhere that’s safe, secure and has little chance of being stumbled upon. For instance, no use keeping it near your computer – if your house is ever broken into you’ve now given away the keys to the kingdom!
When you change a password, update it in the notebook, and keep the location of the notebook secret.
In your Will, put in the location of the book using words/descriptors that only your loved ones understand (as Wills become public domain after you pass away).
- Passwords can’t be forgotten
- No one can access until they receive your Will
- Free (aside from paying for the Will)
- People may accidentally find the list
- You may forget to update the passwords
- Ineffective if you give them a copy of the Will beforehand
Option 3 – Use a Password Manager
If you have a password manager application (such as LastPass or Dashlane) you can create emergency access protocols, and similar to Google, you can also set a period of time during which they will attempt to contact you before releasing the information.
- Provide all your passwords in one go
- Passwords are securely stored
- Easily updated over time
- Organised by domain and autofills
- Access is non-discriminant – Whoever receives the passwords, receives every password
- Membership cost for password manager
- Depending on the manager, most passwords are stored on the device side only – so you still have to handle providing this person with the device credentials using another method.
Option 4 – Prepared.ly
Prepared.ly offers a flexible, systematic solution to this problem. You can add passwords for any sort of device/account, assign them individually to different people, and update them easily from your phone, tablet or computer. Passwords are discriminate (can provide different people different passwords), and only sent after your death is confirmed.
- Easy add and update passwords
- Provide particular passwords to specific people and not others
- Only delivered after you pass away
- If you don’t have an account already, you’ll need to make one.
- You need to remember to update your passwords.
Which methodology you use ultimately depends on your current situation, and the number of logins you need to provide.
If you have just one device with everything on it, and don’t mind your family having access before you pass away, you can simply tell them the password.
If you’re not in this camp, you’re essentially looking at balancing a trade-off between the security of storage, ease of maintenance, and guarantee of delivery.
If you have a lot of passwords and you don’t mind the recipient having access to them all, then the paper method will work for you (either as a list of all your passwords, or a single password for a device with a password manager installed), although you will need to update your Will every time you decide to change the location.
Anything else, and Prepared.ly is currently the only system to handle the security and delivery of your passwords – regardless of complexity – with the least amount of hassle for your loved ones. Simple. Safe. Reliable.